<?PHP
 
 
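// Start from a clean slate for the script's globals.
// NOTE(review): presumably a guard against request-seeded variables (register_globals) - confirm.
unset($error);unset($debug);unset($TRIALPAY);


##SETTINGS##

// Placeholder address: the original value was mangled by e-mail obfuscation on the page.
// Set this to the mailbox that should receive error reports; it is also used as the From address.
define('EMAILADMIN', "admin@example.com");

define('SITENAME', "My Site");

// Shared secret used to verify the HMAC on incoming notifications.
// It MUST be set before deployment: with an empty key anyone can compute a valid signature.
// Keep the real value out of version control.
define('SECRETKEY', "");


//Globals:

// Collected errors, keyed by error name. An array from the start, so that the later
// $error['name'] = ... assignments do not have to auto-convert a boolean.
$error = array();

// Notification fields, filled by CheckValues().
$TRIALPAY = array();

$lng = "en";

// 24-hour clock ("H"): the 12-hour "h" without an am/pm marker made timestamps ambiguous.
$datetime = date("d-m-Y H:i:s");

define('DATETIME', $datetime);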
 
 
 
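//start script

// Only POST notifications are processed. $_POST is a superglobal and is always set,
// so isset($_POST) could never reject anything; the request method is checked instead.
$requestMethod = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';

if($requestMethod !== 'POST'){ //works only with POST request

    $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    $error['NoPost'] = "There is no POST data available. Possible direct access. IP: ".$remoteAddr.". User agent: ".$userAgent;

    // Answer first, then report: the response must not depend on whether ErrorReport() returns.
    // The third argument sets the real status code; a bare "Status:" header only does so under CGI.
    @header("Status: 404 Not Found", true, 404);

    echo "Error 404 - not found";

    // NOTE(review): every rejected request sends a mail; consider rate limiting these reports.
    ErrorReport($error);

    exit;

}

// Verify the signature BEFORE any request field is read, so that unauthenticated
// input never reaches CheckValues() or $TRIALPAY.
if(CheckSig() === false){

    $error['Signature'] = "Bad signature on message";

    @header("Status: 403 Forbidden", true, 403);

    ErrorReport($error);exit;

}

@header("Status: 200 OK", true, 200);

array_walk($_POST, 'CheckValues');

unset($_POST);

main($lng);

if(!empty($error)){

    // The flag has to be part of the array that is passed: written as a second call
    // argument it was only set after the first argument had already been copied.
    $error['close'] = 0;

    ErrorReport($error);

}

// The mysql extension does not exist on PHP 7+, where "@" cannot hide the undefined-function error.
if(function_exists('mysql_close')){
    @mysql_close();
}

exit();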
 
 
//-------------------------------------------------------------------------------------
 
 
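/**
 * Verifies the HMAC-MD5 signature of the current notification.
 *
 * The signature from the TrialPay-HMAC-MD5 request header is compared with an HMAC
 * over the raw POST body (POST) or the raw query string (any other method), keyed
 * with SECRETKEY.
 *
 * @return bool true when the signature matches; false otherwise, in which case a
 *              debug entry is stored in $error['SignatureErrdeb'].
 */
function CheckSig(){

    global $error;

    // Fail closed on a missing or empty key: an HMAC with an empty key can be computed by anyone.
    if (!defined('SECRETKEY') || !is_string(SECRETKEY) || SECRETKEY === '') {
        $error['SignatureErrdeb'] = "SECRETKEY is not configured; notification rejected";
        return false;
    }

    $message_signature = isset($_SERVER['HTTP_TRIALPAY_HMAC_MD5']) ? $_SERVER['HTTP_TRIALPAY_HMAC_MD5'] : '';

    if (!is_string($message_signature) || $message_signature === '') {
        $error['SignatureErrdeb'] = "Signature header is missing";
        return false;
    }

    $request_method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';

    if ($request_method === 'POST') {
        // the following is for POST notification
        // $HTTP_RAW_POST_DATA was never visible in this function's scope (and is gone
        // since PHP 7), so the raw body is always read from php://input.
        $payload = (string) file_get_contents('php://input');
    } else {
        // the following is for GET notification
        $payload = isset($_SERVER['QUERY_STRING']) ? (string) $_SERVER['QUERY_STRING'] : '';
    }

    $recalculated_message_signature = hash_hmac('md5', $payload, SECRETKEY);

    // Never compare MACs with "==": two different hex strings that both look numeric
    // (for example "0e..." followed by digits) compare equal under loose comparison.
    // hash_equals() (PHP >= 5.6) also compares in constant time; the strict
    // comparison is only the fallback for older runtimes.
    if (function_exists('hash_equals')) {
        $signature_ok = hash_equals($recalculated_message_signature, $message_signature);
    } else {
        $signature_ok = ($recalculated_message_signature === $message_signature);
    }

    if ($signature_ok) {
        return true;
    }

    // Only the received value is reported. The expected MAC is a valid signature for
    // this payload and must not end up in mail or logs.
    $error['SignatureErrdeb'] = "mess sig: -$message_signature- | calc sig: -withheld-";

    return false;

}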
 
 
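/**
 * Dispatches the notification stored in $TRIALPAY by its 'event' field.
 *
 * The calling script checks the signature before this function runs. Errors that
 * are already pending are reported instead of processing the event.
 *
 * @param string $lng Language code; not used by the visible code.
 * @return void
 */
function main($lng = "en"){

    global     $error,
            $TRIALPAY;

    if(!empty($error)){

        ErrorReport($error);    //stop script if error is found here

        return;

    }

    // A notification without an 'event' field is handled as an unknown event
    // instead of raising an undefined-index notice.
    $event = isset($TRIALPAY['event']) ? $TRIALPAY['event'] : "";

    if($event === "Adjustment"){ //its not an order thus must be adjustment

        handleAdjustment();

    }elseif($event === "Order"){

        //process order logic and deliver your product
        // NOTE(review): the values in $TRIALPAY are HTML-encoded only. Use parameterised
        // queries for any database access, and make delivery idempotent on the order id,
        // because a correctly signed notification may be delivered more than once.

    }else{

        $error['BadEvent'] = "Unknown event registered; ".$event;

        ErrorReport($error);

    }

}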
 
 
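/**
 * array_walk() callback: copies one request field into the global $TRIALPAY array.
 *
 * Key and value are trimmed and HTML-encoded with htmlspecialchars(ENT_QUOTES).
 * That makes them safe to echo into HTML and nothing more; it is not protection
 * for SQL, shell or mail-header contexts. Blank values are skipped.
 *
 * @param mixed      $value Field value from the request.
 * @param int|string $key   Field name from the request.
 * @return void
 */
function CheckValues($value, $key) {

    global $TRIALPAY;

    // Nested fields (e.g. "a[]=1") arrive as arrays; trim() cannot take them and
    // throws a TypeError on PHP 8. Such fields are not copied.
    if(!is_scalar($value)){
        return;
    }

    $trimmedValue = trim((string) $value);

    if($trimmedValue != ""){

        $safeKey = htmlspecialchars(trim((string) $key), ENT_QUOTES);

        $TRIALPAY[$safeKey] = htmlspecialchars($trimmedValue, ENT_QUOTES);    //to local

    }

}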
 
 
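/**
 * Handles an adjustment to an existing order.
 *
 * The adjustment logic itself is a placeholder; the visible code only reports the
 * adjustment, with the order id, through ErrorReport().
 *
 * @return void
 */
function handleAdjustment(){

    global     $error, $TRIALPAY;

    // Defaults for the report below. The adjustment logic is expected to fill them;
    // until it does they are empty instead of undefined.
    $olddata = "";
    $newtrialpaydata = "";

    #### Handle adjustment to an order logic####
    // NOTE(review): $TRIALPAY values are HTML-encoded only; use parameterised queries
    // when looking the order up.

    $oid = isset($TRIALPAY['oid']) ? $TRIALPAY['oid'] : "";

    $error['Adjustment'] = "There has been an order -adjustment- that requires attention. Order id: -".$oid."-\n\nOld data:\n$olddata\n\nNew data:\n$newtrialpaydata\n\n -done- ";

    ErrorReport($error);

}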
 
 
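/**
 * Mails the collected errors / notifications to EMAILADMIN and, unless told
 * otherwise, ends the script.
 *
 * @param array $args Map of error name => message, e.g.
 *                    ErrorReport(array("Error" => value, "Error2" => value)).
 *                    The optional control entry 'close' => 0 keeps the script
 *                    running after the mail is sent; it is not listed in the mail.
 * @return int|null 0 when $args is not an array or is empty (no mail is sent);
 *                  otherwise nothing is returned.
 */
function ErrorReport($args){

    if( !is_array($args) || empty($args) ) {

        return 0;

    }

    // A missing 'close' flag means "abort". The former loose test
    // ($args['close'] != 0) read a missing key as null, null == 0 is true in PHP,
    // so the script was never aborted by default.
    $close = array_key_exists('close', $args) ? $args['close'] : 1;

    unset($args['close']);

    $errdata = "Following errors have been detected:\n";

    foreach($args as $key=>$message){

        $errdata .= "$key - $message\n\n";

    }

    // The messages can contain request-derived text (user agent, event name), so they
    // go into the body only. Recipient, subject and headers are built from constants.
    mail(EMAILADMIN,"Error report- TrialPay (".SITENAME.")","TrialPay errors / notifications have been detected.\nMessage:\n$errdata\n\n Best regards,\n".SITENAME."\n","From: ".EMAILADMIN);

    if($close != 0){    //abort whole script by default except if 'close' isset to zero it wont

        // The mysql extension does not exist on PHP 7+, where "@" cannot hide the undefined-function error.
        if(function_exists('mysql_close')){
            @mysql_close();
        }

        exit();

    }

}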
 
?>
 